Hongkong Post e-Cert (Server)

Hongkong Post e-Cert (Server) certificate is issued
to Bureaux and Departments
of the Government of Hong Kong SAR, organisations
that hold a valid business registration certificate
issued by the Government of the Hong Kong SAR
and statutory bodies of Hong Kong whose existence
is recognized by the laws of Hong Kong SAR
(a "Subscriber Organisation"); and that
wish to have a certificate issued in a server name,
or multiple server names, owned by that
organisation.

With effect from 15 May 2013, two optional features
are available to the e-Cert
(Server) – "Wildcard" feature and "Multi-domain"
feature. Applicants may choose the following
options during the application:

An
e-Cert (Server) with "Wildcard"
feature can
be used in one server by default. Extra fee
per additional server applies if
it is to be used in more than one server,
and that the extra fee per additional server
shall be applied for the whole validity
period
of the certificate regardless of when the
certificate is to be used in the additional
servers.

e-Cert (Server)
with"Multi-domain"feature

$3,000
+Each AdditionalServer Name$2,500

$6,000
+Each AdditionalServer Name$5,000

An
e-Cert (Server) with "Multi-domain"
feature
identifies one server name by default. Extra
fee per additional server name applies if
more than one, but not more than 50, server
names are to be identified in the
certificate.

With effective from 1 July 2019, Sub CA
"Hongkong Post e-Cert SSL CA 3 - 17"
of Root CA3 will be used for the issuance of
all types of e-Cert (Server) (including e-Cert
(Server), e-Cert (Server) with "Wildcard"
feature and e-Cert (Server) with "Multi-domain"
feature). For
details, please refer to the relevant announcement.

With effective from 30 July 2018, Hongkong Post
Certification Authority will communicate directly
with the Domain Name Registrant using telephone
number provided by the Domain Name Registrar to
obtain a response confirming the application of
e-Cert (Server).

With effective from December 2017, the e-Cert
(Server), e-Cert (Server) with "Wildcard"
feature, and e-Cert (Server) with "Multi-domain"
feature issued by Hongkong Post Certification
Authority will support Certificate Transparency. For
details, please refer to the relevant announcement.

With effective from 1 December 2017, Hongkong Post
Certification Authority ceases to issue certificates
with 3-year validity period for (i) e-Cert (Server)
with "Wildcard" feature, and (ii) e-Cert
(Server) with "Multi-domain" feature. For
details, please refer to the relevant announcement.

With effect from 1 September 2015 to 31 August 2016,
e-Cert (Server) supporting Online Certificate Status
Protocol ("OCSP")
will be issued by default. e-Cert (Server) not
supporting OCSP with only 1-year validity period
will only be issued upon
written request. With effect from 1 September 2016,
only e-Cert (Server) supporting OCSP will be issued
with all validity
periods. For details, please refer to the relevant
announcement.

**With effect from
1 April 2015, the subscription fee
discount for e-Cert (Server) (without "Wildcard"
feature or "Multi-domain" feature) will be
offered until further notice. For details, please
refer to the relevant announcement.

e-Cert (Server) is issued only with 2048-bit RSA key
length. For details, please
refer to the relevant announcement.

With effect from 1 January 2015 to 31 December 2015,
SHA-256 e-Cert (Server) will be issued by default.
SHA-1 e-Cert (Server) with only 1-year validity
period will only be issued upon written request.
With effect from 1 January 2016, only SHA-256 e-Cert
(Server) will be issued with all validity periods.
For details, please refer to the relevant announcement.

In addition to the existing features on e-Cert
(Server), HKPCA plans to issue e-Cert (Server) with
Extended Validation ("EV e-Cert (Server)")
that supports the Extended Validation Guidelines ("EVG")
published by CA/Browser Forum. A pre-production CPS
for e-Cert (Server) and EV e-Cert (Server) is ready
for public review at here (Available in
English only).

A disclosure record of WebTrust for Extended
Validation SSL CA Operations for HKPCA is available
at
here.

Support by Common Web Browsers

Common web browsers such as Microsoft Internet
Explorer, Apple Safari, Mozilla
Firefox and Google Chrome now come with the Hongkong
Post Certification Authority root certificate
included
or available. Users of these web browsers visiting
websites that
are installed with the Hongkong Post e-Cert (Server)
certificate will be free from certain alert messages
or manual intervention when their browsers establish
a secure connection to these websites.